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lElE2du£|ion 

The following concept is intended to enable secure distribution and payment assurance 
for digital content, mainly Audio. This concept can also be applied to other digital 
10 content, such as video or data (software, games, etc.). 


US Pat 5,282,249 and 5,481,609 (Cohen et al) 

US Pat 4,748,«8 (Shamir eta^ 

IS Design of the Dallas Semiconductors "Soft Micro" series (50xx) 

\i All re f erences mentioned about and throughout the present specification are hereby 

incorporated herein by reference. 

U] Concept 

The concept involves sec u r e electronic distribution of digital contents (mainly audio), 
20 including its being secure from nrunrthonzed playout throughout its lifecycle. and assured 
jL payments. The system would support business models based on (possibly concurrent) 

,j distribution and payments modes, and rely on a combination of secure hardware and 

y software to prevent / retard hacking. 

yi The security of the system is a result of several basic rules: 

C3 25 • All content are encrypted throughout the system, the only exceptions being at the 

O Headend entry and at the last physical point immediately prior to actual physj cal use. 

In the audio example, that point would be the analog voltage signal going to the 
analog speakers. The physical construction of the integrated circuits handling the 
content (PM - Playout Module) would be such that no cleartext signal is available 
30 outside the IC package. 

• The business rules and data are embodied in a "security module" (SM), optionally 
removable (for example, in a ssnartcard). If removable, it is referred to as "Renewable 
Security Module (RSM). RSMs may be "paired** to players, the pairing relationship 
established either in manufacture or through an on-line connection to the Headend. 

35 • In addition to the SM, business rules rights, credits etc are maintained at the system 
Headend. Thus periodic connections to the Headend allow for synchronization and 
detection of pirate activity. One of the rules may force the user to establish a connection 
to the Headend on a periodic basis 
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• Each piece of content includes metadata, which specifically include signed 
(optionally encrypted) Entitlement Control Messages (ECMs), winch specifies 
entitlements required of the player in order to play oat that content 

• Bach player would receive - either separately or together with content delivery- 
Entitlement Management Messages (EMMs), that update the entitlements ("rights") 
of that player. EMMs maybe addressed to groups or individual players. 

• The SM / RSM checks requirements embodied in ECMs, and entitlements derived 
from EMMs, to decide whether the player is entitled to playout the particular content at 
fhattime. If the player is entitled, the SM produces the correct Control Word (or 
Keyword) required to decipher the content 

In addition. PECMs - a special class of ECMs may address specific players, who 
therefore do not require positive EMMs to enable playout of the specific content 
Negative EMMs may prohibit such action, for example by invalidating the player for all 
playout 

• Most software within tho PM and the SM is downloadable. AH software that may 
access any security-associated data can be downloaded only through a secure loader. 
The system would support content purchase and playout ether while connected to a 
central server (^Headend"), or while off-line. Off-line purchases are processed and 
recorded locally by the SM according to pre-established and changeable business rules. 
Data regarding off-line transactions is coordinated and cleared between the Headend and 
e ach SM upon connection. Specific business rules may prohibit ur>1imf^ off-line 
activity. 


The concept supports two basic distribution models: 

• Subscription- only members of "subscribed" groups are entitled for playout of any 
oonlwul earmarked for these gmups. Obtairting a subscription depends on payment of 
a subscription fee - one-time (pos sibly divided into term payments) or ongoing. The 
subscription fee may depend on any combination of group and individual subscriber 
properties — far example, group affiliation or membership in other subscription 
groups. 

Two special cases are "AIT group, and "zero subscription fee" case. A combination 
of these two cases amounts to "five content to all players". 
It should be noted that there may be a limit on the current total number of 
subscription groups per off-line player, since the entitlements and payment items have 
to be stored within the high-security device, whose memory £s at premium. 

• Purchase - an individual player may purchase individual pieces or groups of pieces, 
mid with a variety of methods such as outright ownership, rental for a given period of 
time or number of renderings, etc The purchase price may be a function of any 


parameter within the system, mctudmg (but not limited to) group membership, other 
purchases! time of purchase and/ox download. 

Purchase decision may be made either while on-line or off-lino. Off-line purchase 
decisions are handled locally by the SM/RSM, resulting in a limit on the number of 
s such purchases due to the SM's memory limitations. 

The use ofPECMs overcomes mis limitation, allowing an unlimited number of 
pieces, provided mat an two-way on-line connection with the Headend is established 
at some time following off-line purchase for provision of FECMs. 

10 Both models and all their variations may co-exist within a single system, with parameters 
under control of me Headend and, to a certain extent, under the player's control, 
it should be noted that bom distribution models support super-distribution (i.e. content 
may be delivered to a player by another player, rather man from the H ead end , with 
appropriate payment still going to the right party under Headend control). Super- 
15 distribution, copyprotection and media transfer (such as recording content on a Flash 
module in one player and attempting to play it in another player) are subject to business 
p% rules that are set by the Headend for particular content, groups, or individual players. 

^ Another form of supernlistributian is to support giifc*. where the purohas or has paid for 

the rights and the content is delivered to another user. One method would be to make the 
20 purchase from the headend on behalf of the other user: the headend would then send the 


content and appropriate PECM to the other user. 


Also, the model may be simplified - If desired- to handle legacy Cue. non-encrypted) 
content. Optionally it may be prevented from Handling any legacy content except by 
going through an encryption process. 
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The model incorporates several level of encryption, some to take care of minimal 
E3 requirements from industry organizations (such as SDMI), and some to take care of 

H* expected stringent requirements from concerned content providers. Thus, local recording 

CI of local content (such as voice memos) may be encrypted to comply with SDMI, but not 

Ul 30 to the same level as higjbevahie content supplied by the Headend. 

CI 

Q The model allows unlimited storage of content, such as in a PC disk, set-top box or any 

recordable media. Stored content are secure by virtue of their being encrypted, and not 
playable without going through a FM. For the PM, mere is no difference whether the 
35 immediate source of the content is the Internet, a broadcast means, or a PCs disk. 

Interpretation of business rules and conditions embodied in EMMs, BCMs and FECMs is 
done in the Security Module (SM). If the SM may be removable / renewable (Le. RSM - 
for example, using a smartcard. That module may optionally be easily removable, to 
40 enable its service in related or unrelated business applications (such as loyalty cards, 
purchase of non-digital content items, or any other use). There is an option to exchange 
data between applications, thus maMfng application of credit, loyalty points etc from one 
application to another. 
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Distribution modes 

Distribution conduits would be either bi-directional (Internet, Kiosk) or unidirectional 
(broadcast. IP multicast). Supeidistnljulion .(Lc content transfer between players) is a 
5 sub-case of a unidirectional conduit. 

Distribution modes: 

• Free — no encryption involved 
m Encrypted to all valid players 

• Encrypted to subscribers (according to their subscription level), Le. for a group 
10 • Encrypted for an individual 

The scheme i* implemented using two-tier encryption: the content to be delivered are first 
encrypted by a "strong" algorithm A (fa example, 3DESX axri 

Word) is encrypted using one of several algorithms, according to the iufwwM purpose of 
the particular piece. 

Optionally, the content is encrypted in several parts, each one having a different 
encryption mode. This serves the purpose of enabling , ^picvie^»fapBrticular(or 
aH) audiences. Some preview material (such as descriptive text) may not be encrypted at 


is 


35 


uses, are 


The key/keys, together with me metadata describing the content and its intended i 
20 delivered in encrypted and signed packers) together with the content. The whole 

message (content, keys and metadata) is signed (optionally using message digest or other 
special methods to efficiency© 

gifffrts delivery, management and nnvmenfa 

2S Bach player's "rights" or "entitlements" (i.e. which content he is entitled to use under 
what conditions and Sat what payment) is delivered in packets which may be delivered 
either separately or together with a given content package. Entitlement messages are 
encrypted / signed to either to an individual player or to a group of such players. 

The management of entitlements (addition, removal, invalidation, status polling) is done 
30 on a separate, secure "renewable" means of storage and computation, such as a 

smartaard. Thus the entitlements may be delivered vis several paths, including ones that 
do not mvolve the player at all (such as is done strictly or via a separate conduit either 
separate payments 


System Security implementation. 


Fig. 1 describes the end-to-end software security mechanism in supplying both individual 
imrchased content and subscri^ 
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(player). The overall scheme is similar to that used in Satellite TV Conditional Access 
(CA) as described in the Cohen & Ha.<hke* patents, except for the facility provided by 
Personal ECMs (PECMa) to overcome the hardware limitations of secure devices such as 
theSM. 

The headend transmits three typesof streams to each end user device: 

1. EMMs 

2. Content (inemding metadata and embedded BCMs) 

3. PBCMs 
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EMMs. which are securely signed at creation time by the security server, may be 
delivered over the air in broadcast mode or across the return path in unicast mode to 
individual or sets of end users. The EMM authorizes each end user to receive Free and 
subscription content or to purchase Paid content This is accomplished by sending the SM 
IS / RSM within each player a CA Service ID that identifies the rights to a particular content 

CI ,w 

Q For Free content, bp EMM oontnmmg a common CA service ID ia distributed to all valid 

jatb players. For subscription content a EMM containing a specific CA Service ID is 

SJ delivered to the devices of all end users that subscribed to a particular service (for 
j« 20 example - Rock; Jazz, Beatles etc). 

pi For Paid content, a EMM contaimng a particular CA Service ID is sent to all end users 

US authorized to purchase mis item, 

C) 

* The content production system consists of a content management device that receives 

^ 25 files and passes them to cither the broadcast station for broadcast to the end user 
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Ut 

a 
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population or to the Web site for on demand retrieval by the end user population. Note 
mat the actual delivery mode is unimportant to this discussion, and local storage outside 
the player (such as a PC hard disk) or fr u pen h stribuiion would act in exactly the same 
way. In either or any mode, an end user may retrieve one of three types of content: 

1. Free content tlestmed for all valid end users 

2. Subscription content destined for only those end users subscribed to this content 

3. Paid content destined for only those end users that purchase mis content uniquely 


35 Note (encrypted) content may be freely copied from one player (or intermediate storage) 
to another, but the system poses certain l imitati ons on its decryption and playout: 

• Free content maybe decrypted by all valid players 

• Subscription content may be decrypted by all other end users subscribed to that 
content service 

40 • Paid content may be decrypted by properly authorized players only following a 
purchase action for mat content Purchasing may be either on-line (Lc recorded 
directly in me Headend) or off-line (i.e. recorded by the SM and cleared through the 
Headend at a later date) 
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In oidcr to meet these requirements, the content management station encrypts off-line all 
content files with a control word provided by the ECM Generator (ECMG) and embeds 
withm he content the actual EGM that is secretly signed by the security server. The 
control word is derivable from the EGM using a method such as encryption or one-way 
flmcti i on as determined by the security s erven Note that the security s aver contains 
security with a replaceable algorithm synchronized with the replaceable security module 
m the player. 

For fiee content there is one or moie embedded ECMs ma* conlam the smgle CA Service 
that all valid end users are authorized to render. For Subscription content, dim is one or 
more embedded ECM that contains the CA service that only mat group maybe 
authorized to render. For paid content, there maybe separate types of ECMs -mfrrddrd 
m the content. One type of embedded ECM maybe associated with the duration of the 
firo preview and contain the CA service of all valid end users. Another type of embedded 
ECM signifies mat this content is purchasable and contains both the unique ID for that 
Paid content and a CA service of the group that are an owed to purchas e this paid content 
It will also include all the information necessary to determine the price and business 
model(s) which applies to that purchase: for instance, rental duration and associated 
pricing, number of renderings and associated pricing and/or price for outrigit ownership. 

As mentioned, me content is delivered reliably to the end user device via either a uni- 
dmctkmal or asymmetric broadcast mechanism or Wsymmetric unicast mechanism and 
stored in the persistent storage of that end user device (hard disk. Flash chip et al) . 

Upon playout of me fiee or subscription content me (optionally renewable) security 
module, within the player compares the CA Service ID of each ECM associated with the 
content with those sent via EMM to denote this end user's entitled rights. If mere is a 
match, the security module within the end user device will secretly repeatedly recreate all 
control words to enable secure decryption of the content and, in the case of music, 
rendering to the analogue output 

For playout of the paid content, the same mechanism is used to raider the preview 
portion. However, upon reaching fee paid ECM. the end user will be required to purchase 
this content via some user friendly interface (a purchase button for instance). If 
aumorized, upon purchase, the security module will securely mark this purchase by 
marking a purchase slot containing the unique ID of the enni™* r^n**^^ -vith a 
unique ID of the device. Upon playout of this content after purchase, the security module 
compares the unique content ID contained in the contends ECM and 
device with the contents of the slots stored in the rcplac cable security unit If there is a 
match, the file is decrypted and rendered at the analogue output 

fiS^* 1 * a f^* f P***^t «wn«y (purchase slots) in the security module is 
finite and we desire to allow cadi end user to make an mfim^ number of purchases, we 
provide a third stream cal^ The PECM is a packet that 

socirolyanthonzes the association between this particular MP3 music item and end user. 
AH PECMs associated with th e same content item will generate the same control word; 



however, the security module of only the specific player will be able to generate the 
control word from its PECM. PECMs are also signed securely by the security server. 

Whenever the end user connects to the headend 1 , the end user device will replace the 
5 ECMfip that are tied to persistent purchase slots in the replaceable security module, with 
PECMS mat are just as secure but act autonomously. Hence, this connection will in effect 
reset die number o f content items that the end user may purchase and bring it back to the 
maximum number supported by the hardware. 

10 Upon playout o f content with an associ atnrt PBCM, the player will first render the 
preview, as mentioned previously. Upon attaining a PECM, the replaceable secure 
module will ensure the presence of the appropriate content item and end user device and, 
if accurate, produce the control word to enable decryption of the paid content and 
rendering to the analogue output, 

IS 

Please note that the PECM mechanism was not required for prior art in the TV 
Conditional Access Arm»%r\ t since secure digital recording of the TV broadcast was not 
considered. The number of purchase slots required within the SM was therefore rather 
small, and could be easily implemented with existing technology. For paid and seourely- 
20 recorded content as considered here, the number of separate pieces purchased and kept 
could be very large. The PECM mechanism solves this problem, since PECMs do not 
require any slots. 

Also note that the original ECMb are still attached to the encrypted content even while it 
is playable by PECM. This is very important for the case that the purchased content 

35 (together with attached ECMs and PECMs) are copied to another player. The second 
player would not be able to use the attached PECM, since it is keyed to the first player. 
The sequence that will occur is that the player would recognize the PECM as such, send it 
to the SM, and receive an "invalid PECM" response. This will result in the player / SM 
going to the embedded ECM and acting as indicated — Le. a purchase will occur, either 

30 vis-a-vis the Headend or with the second player's SM- In effect, this results in 

sixr^tdistrTbutian — Le. the end-users themselves distribute the content, with the system 
center (Headend) j ust collecting the payment and reconciling acco unts. 


35 Playersecuritv 

The player is a potential weak link in the system, since it is accessible to potential hackers 
who would try to analyze it and / or extract the unencrypted content. It would therefore 
be built around a "secure chipset", which may include one or two chips. The single-chip 
model is shown in Figure 2. 


1 There are two potable framewmlia to ensure headend connection, fothc Uttteast domain (wtfc arte), the 
end user may be forced to connect at least once a day (to fetch EMMs and PECMs), or fhe device - in the 
audio case - will only render one or two de&nhaanga. In tfoe broadcast domain, mo end user may see a 
purchase tp*"**** (similar to the battery mifff on laptop computers), which denote the Dumber of purchases 

"n»fm» E A.t 1mm -mrpnfntng pnrehrai^ flift mar <m his Own ■ncrtrd will nacnrtnac* to re«et ftg purchase 

meter to the maximum (equivalent to the somber of purchase slots). 
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The main consideration in the chip design (other achieving the desired level of 
performance) is to avoid having any unencrypted content outside of the secure chip* 
Thus, external content memory is encrypted (or scrambled), unencrypted data busses do 
not extend off-chip, and digital-to-analog conversion (D/A) is performed on-chip. 
Since the content decoding algorithms (as well as the decryption algorithms) may change 
over time, at least a part of program memory has to be downloadable. Any program mat 
can access any of the security-related software c>r data imist not b^ to a change 

by non-authorized operators. Such program must therefore be loaded only througji a 
secure loader, remnrmg knowledge of secret passwords and procedures, and optionally 
Zero Knowledge Test-type authentication, such as Fiat^barjiir. 
External program memory and its bus have to be encrypted to det« 
the program. Since me encryption scheme /keyword 

amenable to analysis man that of the more-CTtical program memory, the two schemes (ox 
at least their keywords) must be difierent- 

m addition, it is deeireb le to have each individual player device use its own keywords, so 
mat bus readout on two different devices would yield different results. This may be 
achieved either by each device's random keywords be gerieratedby final test m^hmery 
during production, and burned-in too on-chip persistent memory. Another option 
involves having a true random number generator on-board, generating random keywords. 
On-chip keyword generation is especially attractive if battery-backup volatile external 
memory is used, similar to the scheme used by Dallas Semiconductor for their "Soft 
Micro" line of secure microcontrollers. 

In any event, keywords and other "secret* information must be stored on-chip, to avoid 
rhdr being exposed to Hne sniffing. Firruiermore, proprietary techniques are used to 
protect these secrets against invasive attacks using rnicro-probing equipment. Other 
proprietary techniques may be used against other attacks, such as Power Analysis, 
Differential Power Analysis, and Slap / Glitch attacks. 


Other essential foments lyithm the secure chipset are; 

• Mode set logic and hardware — to enable the same basic chipset to serve the varying 
requirements of system vendors. A typical imple menlati on would contain one-time 
memory dements (OTP) or fuses, to force a particular chip into certain modes — for 
example, use of a bigfr-security RSM vs. no RSM. 

• Security algorithms haidware -required to accelerate certain computations such as 
DES or modulo arithmetic 

• Secure clock - several implementations are possible, with all based on non-volatile 
internal memory. Clock security would be required to pi event hackers from resetting 
the clock to an earlier (or future) date to obtain some time - dependent rights. One 
example would be if a desirable music piece was pro-released to be playable only 
after a certain date, or to bypass rental expiration. 
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NOTE: Fig 2 shows only security-related elements. Other items such as digital input / 
output, power supply, reset etc are not shown. 
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